1. Field of the Invention
The present invention generally relates to versioning of access control settings for a computer-based resource (e.g., a computer file, a hardware system, a software system, etc.). Specifically, the present invention provides a way to document changes to access controls settings so that previous versions of access control settings can be reverted to if necessary.
2. Related Art
As computer infrastructures become more sophisticated and widespread, a greater need for increased security has been recognized. Traditionally, security is provided in the form of access control settings or permissions, whereby the extent of users' access to various resources is set forth. For example, in a company, certain users may have read only privileges for a file, other users may have read/write privileges, while still other users may have no access privileges at all. From time to time, changes are made to access control settings.
Unfortunately, such changes often raise issues of one form or another. For example, a change to an access control setting giving a certain permission to an entire group of users may be overly broad and cause an undesired security risk. Conversely, a change to an access control setting could be overly narrow and cause an undesired security restriction on one or more users.
To date no system has been proposed that keeps track of a history of changes to access control settings for computer-based resources. To this extent, no existing system identifies the previous and new access control settings that resulted from each change. Still yet, no existing system allows a previous access control setting to be reverted to in the event an access control condition (e.g., undesired risk or undesired restriction) results from a change.
In view of the foregoing, there exists a need for a computer-implemented method, system, and program product for versioning access control settings.